Debian Security Advisory 1413-1 - Several vulnerabilities have been found in the MySQL database packages with implications ranging from unauthorized database modifications to remotely triggered server crashes.
3004a57524df98d6976c1c2e06fe87754fe4a48eaf25d9d14ca11b341229fb84
Secunia Security Advisory - Slackware has issued an update for mozilla-thunderbird. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
f5c40b4b33ce922c7330a668e7c566a51fce90dc4743dd8f955593ed281baaaa
Secunia Security Advisory - A vulnerability has been reported in feynmf, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
9a336d995af6ee59fcdb00497d17b9fb2bf0e7bddd916ab01fdd32c3cd5202dc
Secunia Security Advisory - Tim Brown has discovered a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.
30454bbb7a5cb6044804aefcd1eeb3ff8762d12e8b0cf0f561d0d60d1e60d195
Secunia Security Advisory - A security issue has been reported in Invensys Wonderware InTouch, which potentially can be exploited by malicious users to compromise a vulnerable system.
d863e1700e4cce1e17662b881e23d8fbedbbb1c0ff6a2a82e3ffa38c96323a93
Debian Security Advisory 1409-2 - The previous security update for samba introduced regressions in the handling of the depreciated filesystem smbfs. This update fixes the regression(s) whilst still fixing the security problems. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.
d70a3a64fa245941097ed490e8c67aafe93f38b1d67eee03a77465a45d074491
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
d835f86ef14e74728a943d02048b0b554bbdb72dc63348e0cbe2616f89718f20
A classic directory traversal condition exists within the Sentinel Protection Server. By sending in an HTTP GET request with a path of a file proceeded by and escaped traversal sequence, an attacker can leverage an arbitrary file access condition on the affected system. Sentinel Protection Server version 7.1 is affected.
dffb03dd9181a15df67067f309c62e9515445ba6b21dab2a0a783789bdd11745
Citrix NetScaler version 8.0 suffers from a weakly encrypted cookie vulnerability in the web management interface.
d8a56f4916a2c3e12e3b2734f56249642178a6c288d3db176f89945ce6179991
Yahoo! suffered from a cross site scripting vulnerability using UTF-7. This has been fixed already.
2e06f080021ff60bcf8b9cb7489435c704164dac4045d1cfd13d9742c972bf6b
Gentoo Linux Security Advisory GLSA 200711-34 - Multiple issues were found in the teTeX 2 codebase that CSTeX builds upon (GLSA 200709-17, GLSA 200711-26). CSTeX also includes vulnerable code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, GLSA 200711-22) and from T1Lib (GLSA 200710-12). Versions less than 2.0.2-r2 are affected.
7b67b1016489ce2dc2c4b4acef3dea3f9d5c71b680d05fc40370606884914e36
Gentoo Linux Security Advisory GLSA 200711-33 - Josh Burley reported that nss_ldap does not properly handle the LDAP connections due to a race condition that can be triggered by multi-threaded applications using nss_ldap, which might lead to requested data being returned to a wrong process. Versions less than 258 are affected.
9a9655e788342eb536edcb56980ac13a9d36bf70e3ec7a75becab68b2b67b33c
PHP versions 5.2.4 and below suffer from a htaccess safemode and open_basedir bypass vulnerability via mail.force_extra_parameters.
5cb1872002031e72e4addf8a9712d045e489374143dd9a086c89e49cc9fa814a
Debian Security Advisory 1412-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
ed2f83414ff3e14f7e07289bdb5c782888e2376074d021bac979dca15c1c977f
Debian Security Advisory 1411-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
84a2a39811848c21a5aae5f866f5aa0f30a44e456a13a848ee406e79cc4ef16f
Debian Security Advisory 1410-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
497756665c6f5c4cf52f9041b07c5a41ff282dfdfee0e1ec5700bd636e0ba660
Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. The update packages on Corporate Server 4.0 resulted in the nmbd daemon crashing at startup. This update provides a newer version of samba (3.0.23d) that does not exhibit this behaviour.
de07a6fe0e701ed7b01f3f5eefbb5bb47c729a17d5667f73d90e8d5560bcb97f
Secunia Security Advisory - Adrian Pastor has reported some vulnerabilities in Linksys WAG54GS, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
8458546f73097f38581716990e4ab5dceac1270f299ffc7296fc34f0d0d29890
Secunia Security Advisory - Gentoo has issued an update for feynmf. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
bd6c1c8c664447b083af84f8cd11d96a38c82bb6a800a969e991148666f6157d
Secunia Security Advisory - h07 has discovered a vulnerability in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
21b112f803d8ec645ff1f25b33ba50fdd1e6e3cf60102ccb287be6f5186098c5
Secunia Security Advisory - Gentoo has acknowledged some vulnerabilities in cstetex, where some have unknown impacts and others can be exploited by malicious, local users to disclose and manipulate sensitive information, or by malicious users and malicious people to compromise a vulnerable system.
6f60fa6e32e699be7ee9e7209259c919828858697eb055b364db9e0b44c21091
Secunia Security Advisory - A vulnerability has been reported in IRC Services, which can be exploited by malicious people to cause a DoS (Denial of Service).
86780a9f4d2f00c1b684240837f335ada17a191d7268ea3ca920b2719df7df6b
Secunia Security Advisory - Debian has issued an update for ruby1.8. This fixes some security issues, which can be exploited by malicious people to conduct spoofing attacks.
406cba3e5f84e133ac395161076cc6bb4167838faea488727e59750a2d5ea703
Secunia Security Advisory - Gentoo has issued an update for nss_ldap. This fixes a security issue, which can be exploited by malicious people to manipulate certain data.
4aa87906b97ad502967b3dcc219bb90b8ee5c706b771656511675dd368b0d5d2
Secunia Security Advisory - Debian has issued an update for libopenssl-ruby. This fixes some security issues, which can be exploited by malicious people to conduct spoofing attacks.
5bc2b852e87a2982d0042f30f6dff17f000ae28d7f7d37f2755d7804f0600e40